But in reality what we see is that attackers use phishing campaigns to get unsuspecting staff in organisations to click on a link that downloads the ransomware which encrypt all files on the organisations system and leaves a note demanding large bitcoin payments in exchange for a decryption key.
Ransomware attacks are now having a global impact being driven by criminal gangs who see ransomware attacks as a new source of income. The financial aspect of ransomware attacks means these ransomware attacks are usually the domain of criminal gangs and one state threat actor North Korea that uses cyber-attacks to raise funds for that regime.
We are now seeing a new ransomware supply chain attack unfold. A supply-chain attack on Kaseya, a company which provides management, monitoring and automation software for managed service providers (MSPs), has led to ransomware infections among Kaseya customers around the world. Kaseya provides a number of services to its customers such as resolving IT incidents, automation of common IT processes including software deployment, patch management, antivirus and antimalware deployment and routine maintenance of applications.
An unknown number of the Kaseya company's 40,000 customers in 10 countries have been impacted by REvil ransomware, the ransomware has been delivered through an automatic update of the Kaseya VSA client management and monitoring system. The attack has already impacted Swedish organisations, where 500 Coop supermarkets of Coop 800 supermarkets have been forced to close due to the ransomware attack. The ransomware attack impacted Coop after their point-of-sale tills and self-service checkouts and resulted in supermarkets not being able to operate.
We also see ransomware attacks occurring globally, the recent ransomware attack on the USA Colonial Pipeline is one of the most significant attacks on USA critical national infrastructure. The USA Colonial pipeline transports nearly half of the USA east coast's fuel supplies had been impacted and prices at the pumps rose as the USA was hit by a fuel shortage. The FBI has confirmed that the Russian Darkside ransomware criminal gang was responsible for the compromise of the Colonial Pipeline network and is also thought to be behind the Kaseya ransomware attack.
In terms of ransomware attacks in Australia we have seen media organisations, meat processing companies, local council, schools, healthcare organisations all being impacted by ransomware attacks. The major issue that Australia faces is the healthcare sector, the Australian government has raised concerns about recent ransomware campaigns in 2020 targeting the aged care and the healthcare sectors. The issue is that cyber criminals view the aged care and healthcare sectors as lucrative targets for ransomware attacks during the COVID-19 crisis. The Australian government is concerned because of the sensitive personal and medical information they hold and how critical this information is to maintaining operations and patient care during the COVID-19 pandemic crisis.
But organisations can take steps to protect against ransomware attacks. The Australian Cyber Security Centre suggests seven steps that organisations should follow to protect themselves against ransomware attacks, the key steps for organisations should follow are:
STEP 1: Update your device and turn on automatic updates. Run an update on all devices and turn on automatic updates to ensure you always have the most up-to-date security protection.
STEP 2: Turn on two-factor authentication. Add multiple layers of authentication to increase the security of your accounts.
STEP 3: Setup and perform regular backups. Automatically copy and store critical information to a backup device by turning on or confirming automatic backups.
STEP 4: Implement access controls. Make your computer more secure and manage who has access to security settings by implementing access controls.
STEP 5: Turn on ransomware protection. If you are using Windows 10, you can enable built-in ransomware protection. If you are using another operating system, source and install a ransomware protection program.
STEP 6: Prepare your cyber security emergency plan. Unless you are responding to a ransomware attack right now, fill out the cyber security emergency plan to greatly reduce stress and time during a cyber security incident.
STEP 7: Remain vigilant and informed. Stay up to date on cyber security threats and trends information from the Australian Cyber Security Centre.
The other key advice that the Australian Government suggest to Australian organisations is to never pay a ransom. The reason for this is that there is no guarantee the attackers would restore organisations information, stop attacking the organisation, or that they would not leak or sell any of the information they obtained after the ransom has been paid.
For additional information about ransomware protection can be found at:
https://www.cyber.gov.au/ransomware
Author: Professor Matt Warren
Director of the RMIT University Centre for Cyber Security Research & Innovation.